How to Get Google+ Invitations

A few days ago I received an Google+ invitation from Angga Reza . Thanks to him I now have an Google + account . Looks great , better that facebook . If you want to get Google + invitation email me at buddy.coolboys@gmail.com , in email write your name , lastname and your gmail address.


Just follow steps below and you’ll be able to have google+ account .
1) Email me at hackspc@gmail.com , then I will add you as friend to a circle called “friends” and shared a post with you. It looks like this

2)Once you get the invite click on Learn more about Google+
3)On the next screen click on “Join +”:

4) This will trigger the notification to you and next time you enter http://plus.google.com you will be able to use it.
This is working for me , please let us know your comments. If you have already google + acc add me as friend , find me by email buddy.coolboys@gmail.com
Read more ...

Hacking Router Passwords Using a Dictionary Attack

In one of my previous post i told you about the Basics of Password cracking  In this tutorial i will teach you how to crack a Router password by using a dictionary attack  .



What is a Dictionary Attack ?

An attack that tries all  the phrases or words in a dictionary, trying to crack a password or key .A dictionary password cracker simply takes a list of dictionary words, and one at a time encrypts them to see if they encrypt to the one way hash from the system. If the hashes are equal, the password is considered cracked, and the word tried from the dictionary list is the password.

Can I make my Own Dictionary for Cracking ?

Yes you can make your own dictionary .There are plenty of world list generators which creates different types of words you can store the words generated by  the word list generator according to your needs  in a note pad and create  your own dictionary try googling them

What are the tools used for a Dictionary attack ?

There are many tools used for a dictionary attack you can refer my post on  Different Password Cracking Tools   But in this tutorial i will teach you how to crack router passwords using  Hydra  you can download the latest version of hydra from Here

Hacking Router  Passwords Using a Dictionary Attack

I will be using hydra which is installed in backtrack if you don't have Backtrack .Its ok you can do the same  by installing  Hydra - windows version
                                                     
For HQ version click Here


video


Disadvantages of  a Dictionary attack

The password should be there in the dictionary your using or this attack will fail
so always use a good dictionary for this attack . Logs will be created on PC or the router
your hacking so always use a proxy .

Read more ...

Acunetix Web Vulnerability Scanner (WVS)

Acunetix Web Vulnerability Scanner (WVS) is designed to audit web site security.



There is a free *nix based version as well as a Windows based version which ranges in price from a free trial to thousands of dollars.

// WVS contains a suite of tools designed to assist penetration testers in auditing web sites and also has the ability to output an easy to read summary for clients. What really sets this particular scanner apart from others is their proprietary AcuSensor Technology. By installing the AcuSensor Technology on the target system prior to scanning, one is able to decrease the number of false positives, identify more vulnerabilities, and accurately determine the vulnerable code. This works with closed source applications as well as open source. WVS will definitely work without AcuSensor, but, it is incredibly more accurate when this module is properly deployed on the target system.

// Composition of Acunetix Web Vulnerability Scanner:
Site Crawler - used to map a web site by following links and gathering information in a similar fashion to search engine web crawlers.
Target Finder - used to identify http/https servers from a given IP range.
Domain Scanner - used to enumerate additional sub-domains for use as potential targets.
Blind SQL Injector - automates the process of extracting database information through SQL injection.
HTTP Editor - for constructing custom HTTP/HTTPS requests in order to analyze responses.
HTTP Sniffer - HTTP proxy that allows logging, intercepting, and modifying HTTP/HTTPS traffic on the fly.
HTTP Fuzzer - allows fuzzing of request parameters or headers. Useful for determining buffer overflows or input validation errors.
Auth Tester - tool for performing dictionary based attacks against basic HTTP, NTLM, and form based authentication.

// WVS is capable of detecting a number of vulnerabilities including, but not limited to, the following:
Cross Site Scripting
Code Execution
SQL Injection
File Creation
Cookie Manipulation
CRLF Injection
Cross Frame Scripting
Directory Traversal
Email Injection
File Inclusion
Path Disclosure
PHP Code Injection
LDAP Injection
Remote XSL Inclusion
URL Redirection
XPath Injection
Source Code Disclosure
It also utilizes the GHDB (Google Hacking Database).
This is one of those very useful tools that penetration testers should seriously consider purchasing as it helps greatly when auditing web sites and servers and creating detailed reports for customers.


Read more ...

AATools

"Essential Security Diagnostic Tool for Everyone Who Wishes to Protect His Computer and The Data It Contains"

Have you been port scanned lately? Completely ignoring network security is not smart and ignorance isn't exactly bliss. If you access the Internet via a cable modem, DSL, or even a dial-up connection, someone is always knocking on your virtual front door, giving your system the once-over.
Whether you dial-up your ISP or have an "always on" cable modem, the first item on your agenda needs to be finding a secure firewall to protect your computer. Some firewalls are better than others, but you should never trust clever advertising claiming that a cheap firewall will completely protect your data. Once you have decided on a firewall, be it a hardware or software solution, testing the security of that firewall is essential, and AATools is just a testing utility that verifies the integrity of your security and firewall functions.
Advanced Administrative Tools (AATools) investigates and gathers information about your computer, network status, and service availability. That is a layman’s way of saying it performs an inspection on everything vital to network security as it pertains to the protection of your computer, including the utilization of tools to check open ports, proxies, email lists, Internet applications, and general system information.
Useful for system administrators, service personnel or anyone who simply wants to know more about their PC and its connections to the network or Internet, audit your network security.
– ZDNet/Hotfiles.com
AATools includes:
  • Port Scanner with an internal database of ports (officially assigned, unofficially used, or currently affected by network Trojan programs) that analyzes hosts and different services that have been started on them. Its comprehensive scanning engine gathers information about the services, threads, etc. The AATools Port Scanner accurately determines active ports/services using TCP/UDP port interrogation.
  • Proxy Analyzer that tests lists of proxies and/or verifies a list of addresses on present proxy servers. It provides the most detailed information about the proxy itself, including, its headers, locations etc.
  • RBL Locator (RealTime BlackList Locator) designed to quickly search for an IP address in DNS-Based spam databases. RBL Locator checks an IP address against the most known blacklists. It helps you determine if you're listed as a "bad actor" within any of the shared blacklists.
  • Trace Route that shows you the path that a packet sent from your machine to some other machine on the network takes as it hops from router to router. It will show you the IP address and the actual name of each router, line-by-line.
  • Email Verifier – your unique solution for the "message delivery error". You don't need to disturb your clients and friends anymore to verify whether their e-mail addresses are still valid or not. Email Verifier connects directly to their SMTP server and checks it for you. Nothing is sent to the recipient.
  • Links Analyzer – a new state-of-the-art utility that scans your URLs and IE Favorites and notifies you if a link has been changed or has become invalid. It also acts as a navigation tool and makes it very easy to find what you are looking for eliminating the need to search inside folders.
  • Network Monitor that shows you an extremely large amount of supplementary information about your outbound and inbound network connections. Plus, the AATools Network Monitor maps open ports to the owning application (for Windows NT/2000/XP only). It is useful in diagnosing networks and monitoring your computer's network connections.
  • Process Monitor that provides you the information about the processes and applications loaded into your PC's memory, including sniffers and hooks.
  • Whois, a useful network information utility that allows you find all the available information about IP addresses, host names, location, NSP name, administrator and technical support contact information of any Internet address.
  • System Info that collects and displays your system configuration information. Support technicians require specific information about your computer when they are troubleshooting your configuration. You can use the System Info tool to quickly find the data they need to resolve your system problem.
  • Resource Viewer intended for viewing the resources of executable files (with the .exe and .dll extension). It displays comprehensive information about program resources including dialogs, icons, strings and more. Resource Viewer can also be used to save resources of any selected module on your hard disk.
  • Registry Cleaner that cleans up unnecessary registry entries in your registry and helps increase your computer performance, speed up the operation system loading and reduce the number of failures.
System Requirements
* Windows 2000/XP/Vista/7 (32-bit)
* Internet connection or TCP/IP enabled LAN.
* Internet Explorer 5.5 or higher.

Download Now :
Advanced Administrative Tools
Version: 5.92
For Windows 2000/XP/Vista/7 (32-bit)
* No Mac or Linux version available
Read more ...

Trojan Sub7

If you haven't heard of Sub7, I suggest you leave now, find out what it is, then come back. Stop wasting my time. If you think you have the skilled mind for it, stick around, and I will introduce you to one of the many essential tools hackers have ready at all times.

Origin

Sub7 was invented in the late 1980's by a legend known as Mobman. Mobman wanted to make the basic tasks of a hacker easily accessable and easy to implement. I'm not sure what exactly he programmed it in, but it was probably something extremely difficult and involved, like Visual Basic or A+. I read up on Mobman, no one knows of his whereabouts and some even claim that he is dead (real hackers know better). Either way, we can all thank Mobman for this great program.

What it is

Sub7 is a R.A.T (Remote Administration Tool) that basically has two parts: a client, and a server. After you have the server installed on another machine, or trick another person into installing the server on their machine, you can use the client to connect to them through network protocols and routes. After you're connected to them, the client provides you with a series of hacking tools and features to use on your victim. Which, obviously, is the goal of any hacker.
Sub7 has made this easy, but the only hard part is having the server installed on the other machine. You can see the official Sub7 website for tactics on how to accomplish this.


Screenshot of the Sub7 client window



Features

Sub7 is well-known for it's wide selection of elite tools and features. Listed below are just a few that come to mind:
  • Keylogger
  • Uploader
  • Server
  • Customized skins
  • Hide cursor
  • Client
  • CDROM close/open
  • Hide cursor
  • IP Pinging
  • Name lookup/revolution
  • Change the appearance of icon

Availability

Sub7 was banned by the United Nations in 1995, but I consulted my many underground resources and found it for you. The last version that was made was Sub7 Legends, and is available for download here. This file is extremely rare, and was very hard to find. I had to download it through KaZaA.
Again, as with many things found on this site, the creator of this site is NOT responsible for anything you do with the knowledge or tools found within the site. Everything here is for educational purposes only. If you do not agree, leave now.
Read more ...

CallerIP

Similar to Caller ID for your telephone, CallerIP shows you who is connecting to your system at any time.
# Plot all connections
This feature enables you to have CallerIP plot all the connections on the world map. This in turn allows for easy and quick analysis of where connections made to/from your machine reside.
# New look table
The new look table includes gradient fills. This means the color of the row in the table depends on the threat of the connection. If the connection being made to your machine is harmless then the gradient will be green. Another quick an easy way to identify the threat of a connection.
# Condensed CallerIP
CallerIP now allows you to minimize it to a very small and detailed dialog box. The small window gives you everything you need to know but stays in the background.
# Realtime monitoring instantly identifies suspect activity and spyware
CallerIP monitors all connections to and from your system and actively scans ports for possible back doors that allow unauthorized access.
# Identifies the country of origin for all connections
A connection to/from a high-risk country is a key indicator of suspect activity and could likely be someone looking to steal your confidential information or compromise your system. CallerIP shows you the country location of connections so you can identify suspect activity and protect your information.
# Network Provider reporting with abuse reporting information
See the contact and abuse reporting information for the company providing internet access for an IP address or website, so you can easily report hackers or Internet abuse.
# Worldwide Whois reports
CallerIP Pro queries worldwide databases to report the up-to-date registration information for the 'owner' of an IP address or domain. Information includes name, address, phone and email contact information.
# Detailed log of connection history with search options
Each connection or attempted connection is automatically logged, with search capabilities for quick lookups of past connection activity.
Advanced Features
# The Advanced Edition includes all the standard features plus:
# CallerIP Server
Allows you to monitor your machine from a remote location. You can view the Caller History and Current Callers list in a browser window from anywhere in the world. Keep tabs on your home PC from the office of vice versa. No need to worry about your PC being connected to without your permission. The ultimate in PC security. Screenshot.
# Improved logging technique
Searching large log files is literally hundreds of times faster than before. Find any IP or connection in lightning quick time.
Automated alerts of high-risk connections
Instant notifications for high risk or suspect connections are provided by email, pop-up window, or color-coded reports. And customizable alerts enable you to see an alarms for a connection by type (incoming/outgoing), country of origin, IP address, port or process name.


Read more ...

Hack Facebook / Twitter Accounts by stealing cookies

In this tutorial i will explain how to hack a Facebook/twitter accounts by stealing cookies. This method works only when the victims computer is in a LAN (local area network ).Best place to try out this is in schools ,collages ,cafes . where computers are connected in LAN .Before i proceed let me first explain "cookies "




What are cookies ? and what is the use of stealing cookies ?

Cookies are small files that stored on users computer by websites when a user visits them. The stored Cookies are used by the web server to identify and authenticate  the user .For example when a user logins in Facebook a unique string is generated and one copy of it  is saved on the server and other is saved on the users browser as Cookies. Both are matched every time the user does any thing in his account


So if we steal the victims cookie and inject them  in our browser we will be able to imitate the victims identity to the web server and thus we will be able to login is his account . This is called as Side jacking .The best thing about this that  we need not no the victims id or password all we need is the victims cookie

Hack Facebook / Twitter by stealing cookies 


Things we need 


1. Ettercap or Cain and able for ARP poisoning the victim
2. Wire shark for sniffing and stealing cookies
3. Firefox browser and Cookie logger add on for injecting the stolen cookies in our browser




Procedure :-


1. First ARP poison the victim .For this you can refer my previous articles on how to ARP poison the victims computer using Cain and able or Ettercap

2. After ARP poisoning open Wire shark ,click capture button from the menu bar , then select interface .Now select your interface (usually eth0 ) finally click start capture .

3. Now you can see the packets being captured , wait for a while till the victim logs in his account( Facebook /twitter ),

4. Mean while Find the IP address of Facebook ,for this you can open  CMD (command prompt ) and enter .Ping Facebook.com to find its IP address


5. Now filter the packets by entering the the IP address (Facebook) in the filter bar and click apply



6. Now Locate HTTP Get /home.php  and copy all the cookie names and values in a note pad as shown



7. Now open Firefox and open add and edit cookies ,which we downloaded earlier , add all the cookies values and save them as shown


8. Now open Facebook in a new tab , you will be logged in the victims account .


VoilĂ  ......you have hacked the victims Facebook account by stealing cookies , You can also follow the same steps to hack  Twitter accounts
Read more ...
Powered by Blogger